From a6fe5a73314ef067f26b5402ad65ccdbc32a08f2 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Tue, 15 Sep 2009 09:22:55 +0200
Subject: [PATCH] Add TCP_GET_TS1 and TCP_GET_TS2 marco's to efficiently
 retrieve the TCP timestamps in host order.

---
 src/decode-tcp.h | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/decode-tcp.h b/src/decode-tcp.h
index 5dba9ec482..d9d4d604cc 100644
--- a/src/decode-tcp.h
+++ b/src/decode-tcp.h
@@ -1,5 +1,8 @@
 /* Copyright (c) 2008 Victor Julien <victor@inliniac.net> */
 
+/** \file
+ *  \todo RAW* macro's should be returning the raw value, not the host order */
+
 #ifndef __DECODE_TCP_H__
 #define __DECODE_TCP_H__
 
@@ -54,11 +57,20 @@
 
 #define TCP_GET_RAW_WINDOW(tcph)             ntohs((tcph)->th_win)
 
+/** macro for getting the first timestamp from the packet. Timestamp is in host
+ *  order and either returned from the cache or from the packet directly. */
+#define TCP_GET_TS1(p)                       ((p)->tcpc.ts1 != 0 ? \
+                                             (p)->tcpc.ts1 : (p)->tcpvars.ts ? ((p)->tcpc.ts1 = (uint32_t)ntohl((*(uint32_t *)(p)->tcpvars.ts->data))) : 0)
+/** macro for getting the second timestamp from the packet. Timestamp is in
+ *  host order and either returned from the cache or from the packet directly. */
+#define TCP_GET_TS2(p)                       ((p)->tcpc.ts2 != 0 ? \
+                                             (p)->tcpc.ts2 : (p)->tcpvars.ts ? ((p)->tcpc.ts2 = (uint32_t)ntohl((*(uint32_t *)((p)->tcpvars.ts->data+4)))) : 0)
+
 #define TCP_GET_OFFSET(p)                    TCP_GET_RAW_OFFSET(p->tcph)
 #define TCP_GET_HLEN(p)                      TCP_GET_OFFSET(p) << 2
 #define TCP_GET_SRC_PORT(p)                  TCP_GET_RAW_SRC_PORT(p->tcph)
 #define TCP_GET_DST_PORT(p)                  TCP_GET_RAW_DST_PORT(p->tcph)
-#define TCP_GET_SEQ(p)                       TCP_GET_RAW_SEQ(p->tcph) 
+#define TCP_GET_SEQ(p)                       TCP_GET_RAW_SEQ(p->tcph)
 #define TCP_GET_ACK(p)                       TCP_GET_RAW_ACK(p->tcph)
 #define TCP_GET_WINDOW(p)                    TCP_GET_RAW_WINDOW(p->tcph)
 
@@ -105,9 +117,13 @@ typedef struct TCPVars_
     TCPOpt *mss;
 } TCPVars;
 
+/** cache to store parsed/calculated results of the decoder */
 typedef struct TCPCache_ {
     /* checksum computed over the tcp(for both ipv4 and ipv6) packet */
     int32_t comp_csum;
+
+    uint32_t ts1; /**< host order version of the first ts */
+    uint32_t ts2; /**< host order version of the second ts */
 } TCPCache;
 
 #define CLEAR_TCP_PACKET(p) { \
@@ -117,6 +133,8 @@ typedef struct TCPCache_ {
     (p)->tcpvars.ts = NULL; \
     (p)->tcpvars.ws = NULL; \
     (p)->tcpvars.mss = NULL; \
+    (p)->tcpc.ts1 = 0; \
+    (p)->tcpc.ts2 = 0; \
 }
 
 inline uint16_t TCPCalculateChecksum(uint16_t *, uint16_t *, uint16_t);